Solved

suddenly unable to logon to laptop when remote: "Domain is unavailable".

Posted on 2006-11-27
8
415 Views
Last Modified: 2010-04-18
I am hoping that someone out there has seen this issue before and can help me understand what happened.  I have a user with a laptop who often works remotely.  She has a non-roaming profile, so when remote, she logs into her computer using her domain credentials and uses the local profile, all as we would expect.  This has been working for about a year.

Suddenly today, she was trying to start a program using "run as" for admin rights (as she has done successfully for many months).  The system refused the password ("...username or password are incorrect").  I had her log off and try logging on as that user, but it would not do so because "the domain controller cannot be reached".  "OK", i think, "maybe I never logged into her computer as that admin user".  So I have her try using my admin credentials that I know I have used on her machine before, and it logs in ok.  I have her log back in as herself and try to "run as" the account that we just succeeded as logging in as, but it tells her "bad username or password".  

Frustrated, I think I will have her log back in under my credentials and make her account a local admin.  However, once we log out, we are no longer able to log in as this same admin user; we get "the domain controller cannot be reached.".  In fact, we can no longer log in even as her original user!  We appear to be completely unable to log into the machine because it cannot find a DC!!  

I have never had this problem before and am rather stumped as to what could have caused it?  Does anyone out there have any idea
   A) why might this happen?
   B) how can I get around the problem?
   C) how can I prevent it happening again?

I am working on solving number B right now.  Currently, I have the user looking for a network cable she can borrow.  I am thinking maybe I can have her put a check in "log in using dial-up networking" and connect to the VPN as she logs in. thus allowing her computer to talk to the domain controller.  Any thoughts on if this would work?

The user is remote for a series of meetings and not having access to her computer is causing a LOT of stress right now, so any thoughts on solving this are greatly appreciated!

Thank you!
0
Comment
Question by:boydicus
  • 5
  • 3
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 18021924
It's all about the profile.

Runas will work as expected while connected to the domain.
Runas will work as expected, provided the credentials used have a profile on the machine (have logged on at least once on the domain).
Runas will not work when trying to use credentials that don't satisfy one of the above.

Now, changing the user's rights basically broke the "cached" security token and therefore broke the cached logon - which requires reaching out to the DC to rebuild the token and recache it.

The fix....connect it to the domain and log in once.

0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 18021955
As long as the VPN Connectoid is in the Dial Up entries, then using dial up should work.

To fix her temporarily if everything else fails, have her logon with your credentials (which should still be cached) and create a local user account that is part of the admin group.

She can then get her stuff via Documents and Settings\Profile of user\My Documents and/or Desktop.

0
 

Author Comment

by:boydicus
ID: 18022210
Netman66, thanks for your reply.  Please note that I never got a chance to change the user's profile.  In fact, it appears that "the problem" occurred while she was logged in.  I logged her out, then logged in as myself once, then logged in as herself once, and after that have been unable to log in as anyone.  The original account she was trying to use for "run as" was a local admin account, for what it is worth.

Any further thoughts would be greatly appreciated.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 51

Expert Comment

by:Netman66
ID: 18023178
Didn't I read that when you logged in you added her to the Admin group?

Runas the local Admin account shouldn't have thrown any errors though...

So, the local Admin account doesn't work either?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18023263
You may also want to check to see if her actual account in AD has expired as well.

0
 

Author Comment

by:boydicus
ID: 18025248
no, when I logged in as me initially it was just to see if it was possible.  I didnt think of adding her to admin group until my credentials failed on "run as".  Then I tried to log in as me again but was denied.  At that point I was unable to log back in as anyone.  

I used Remote Desktop to connect to a machine on her local network and was able to log in as her, so her account is good.  
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18032287
Well, unless you can get her logged in with a local account, it may be necessary to have her log back in while connected to the LAN.

It sounds like all the cached credentials are messed up.

0
 

Author Comment

by:boydicus
ID: 18040639
agreed.  To make it even more bizarre, she sent me a message that she just kept trying and trying the different accounts out of desperation, and suddenly "it started working".  I believe that she was able to log in using the connection to the VPN and this refreshed the credentials.  She can't confirm that this happened since by the end she was pretty much just flailing around.  I just wish I knew why this happened and how to guard against it in the future.  Thanks for the help.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now